Controlling access to environments has been important ever since the first lock was installed in a door; moreover, once an individual has entered a controlled environment, making sure he goes only where he's authorized has historically required additional locks and keys, or some kind of guards/gatekeepers. These problems are essentially the same even in the age of computers, although the technology used not only to solve them but also to defeat the safeguards has become more sophisticated.
One common way to control access to a building is to require individuals to use an access card, such as an ID badge, which the user holds up to a scanner or shows to a guard. For more security, some systems also require the user to enter a password and/or “PIN” and/or pass a verification of a biometric feature such as a fingerprint or retina scan. For example, access to a secure government facility currently sometimes requires an RFID-based ID card, such as a “Common Access Card” (CAC), and a 4-digit PIN.
One problem with existing arrangements is that, even if security through an initial portal is deemed sufficient, it becomes complicated—or at best repetitive—to monitor access once an individual passes the first check. For example, the badge/password/PIN procedure, or some portion of it, may have to be repeated to permit entry through a chain of doors that lead to a room where a piece of client equipment can be used to access a secure network. In a more sophisticated arrangement, a security person may be able to track down what access portals a particular badge has crossed, but that is typically the extent of the monitoring.
Smart mobile technology, including phones, tablets, etc., presents both challenges and opportunities in the context of access control. Because most such devices can record both images and sounds, load and store data, as well as access (or at least detect some of the possibly classified characteristics of) networks, many secure facilities simply forbid users from bringing them in. This is inconvenient for most modern users, and also fails to leverage the capabilities of such devices.
One proposed idea for using smart mobile technology in a secure environment is described by Souppaya, Murugiah, et al., in “Derived Personal Identity Verification (PIV) Credentials” (draft), Information Technology Laboratory, National Institute of Standards and Technology (NIST), 18 Jun. 2015. Souppaya, et al., propose a scheme that employs tokens on mobile devices, such that derived PIV credentials and their corresponding private keys may be used. Solutions such as Souppaya's focus on verifying the identity of the device user, but fail to provide any mechanism to authenticate the user's device itself. First, what if the mobile device user himself is a threat and, after having his identity properly verified, proceeds to use his mobile device in an unauthorized manner, such as to store classified information that he then removes from the facility, or to be the medium that carries malicious code he then installs on the secure system? Second, without the user's knowledge, the mobile device itself may contain and be executing code, for example, to capture network data or voice conversations, to record video or other images, etc. In short, just because the user's identity is verified doesn't mean that the mobile device he takes into a secured facility is safe.
One other common method of access control uses a dongle, which generates a time-dependent code that must match the code the higher level system expects. Sometimes, a password or a card that carries a smart chip, or both, is required just to operate the dongle. One drawback of such systems is that they require a complicated infrastructure not only to procure, program, and distribute the dongles themselves, but also to ensure precisely coordinated timing. Furthermore, dongle-based solutions rely on a comparison of secrets, in particular, any passwords and the dongle-generated codes.
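The timing and shared-secret dependence described above can be seen in a short sketch, added here as an illustration and not taken from the original text. It assumes the dongle uses the public RFC 6238 time-based algorithm with a 30-second interval and 6-digit codes (the text does not name an algorithm); the function names and the sample key are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code interval (assumed; RFC 6238 default)
DIGITS = 6   # code length (assumed)

def dongle_code(secret: bytes, clock: int) -> str:
    """Time-dependent code as in RFC 6238: HMAC-SHA1 over the interval counter."""
    mac = hmac.new(secret, struct.pack(">Q", clock // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def server_accepts(secret: bytes, code: str, server_clock: int, window: int) -> bool:
    """The server recomputes the code from its own copy of the secret and its own
    clock, tolerating `window` intervals of skew in either direction."""
    ok = False
    for k in range(-window, window + 1):
        expected = dongle_code(secret, server_clock + k * STEP)
        ok |= hmac.compare_digest(expected, code)   # constant-time comparison
    return ok

def demo() -> dict:
    secret = b"12345678901234567890"   # constructed sample: the public RFC 4226 test key
    return {
        # Clocks 2 s apart but straddling an interval boundary: fails with no tolerance.
        "skew_2s_window0": server_accepts(secret, dongle_code(secret, 59), 61, 0),
        "skew_2s_window1": server_accepts(secret, dongle_code(secret, 59), 61, 1),
        # Dongle 25 s slow is tolerated; 100 s slow is locked out until resynchronised.
        "skew_25s_window1": server_accepts(secret, dongle_code(secret, 110), 135, 1),
        "skew_100s_window1": server_accepts(secret, dongle_code(secret, 35), 135, 1),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Both sides call the same function on the same secret, so the verifier's stored copy of each dongle's secret is as sensitive as the dongle itself, and widening the window to absorb clock drift also lengthens the time during which any one code is accepted.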